psbt: Fix `PSBTInputSignedAndVerified` bounds `assert` #34272

pull l0rinc wants to merge 1 commits into bitcoin:master from l0rinc:l0rincpsbt-bounds-assert changing 1 files +1 −1
  1. l0rinc commented at 12:01 PM on January 13, 2026: contributor

    This PR fixes an off-by-one in a debug assertion in PSBTInputSignedAndVerified. The function indexes psbt.inputs[input_index], so the assertion must not allow indexing at psbt.inputs.size().

    Found during review: #31650 (review)

  2. psbt: Fix `PSBTInputSignedAndVerified` bounds `assert`
    The previous `assert` used `>=`, allowing `input_index == psbt.inputs.size()` and out-of-bounds access in `psbt.inputs[input_index]`.

Found during review: https://github.com/bitcoin/bitcoin/pull/31650#discussion_r2685892867
    2f5b1c5f80
  3. DrahtBot added the label PSBT on Jan 13, 2026
  4. DrahtBot commented at 12:01 PM on January 13, 2026: contributor

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--006a51241073e994b41acfe9ec718e94-->

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/34272.

    <!--021abf342d371248e50ceaed478a90ca-->

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK optout21, maflcko, achow101

    If your review is incorrectly listed, please copy-paste <code>&lt;!--meta-tag:bot-skip--&gt;</code> into the comment that the bot should ignore.

    <!--5faf32d7da4f0f540f40219e4f7537a3-->

  5. optout21 commented at 1:40 PM on January 13, 2026: contributor

    utACK 2f5b1c5f80590ffa6b5a5bcfb21fddb1dc22e852 Trivial change to an assert, can be reliably assessed by local code inspection (2 lines). Code reviewed; build & unit tests verified locally.

  6. maflcko commented at 2:08 PM on January 13, 2026: member

    lgtm ACK 2f5b1c5f80590ffa6b5a5bcfb21fddb1dc22e852

    This is just a refactor/doc change, because the UB can not be reached in the current code-base, and is assumed to be unreachable anyway (due to the use of assert)

  7. maflcko added the label Refactoring on Jan 13, 2026
  8. willcl-ark commented at 2:58 PM on January 13, 2026: member

    FWIW I think I hit this on the fuzz tests here: https://github.com/willcl-ark/bitcoin/actions/runs/20883835381/job/60004100089#step:10:5614 So it may be possible for this to cause CI failure, at least.

  9. maflcko commented at 3:09 PM on January 13, 2026: member

    @willcl-ark No, that is #33999 from the input fuzz_corpora/psbt/3fa30f92df4e391124a56b76cc3db3eb71b5d69c from commit https://github.com/bitcoin-core/qa-assets/pull/252/changes/00c335ca2ac2831fdf3d0fc2197ac509530ae13b

  10. willcl-ark commented at 3:33 PM on January 13, 2026: member

    @willcl-ark No, that is #33999 from the input fuzz_corpora/psbt/3fa30f92df4e391124a56b76cc3db3eb71b5d69c from commit bitcoin-core/qa-assets@00c335c

    ah ok i see, thanks.

  11. achow101 commented at 12:15 AM on January 14, 2026: member

    ACK 2f5b1c5f80590ffa6b5a5bcfb21fddb1dc22e852

  12. achow101 merged this on Jan 14, 2026
  13. achow101 closed this on Jan 14, 2026
  14. fanquake referenced this in commit 7e1090f5e8 on Jan 14, 2026
  15. fanquake commented at 5:27 PM on January 14, 2026: member

    Backported to 30.x in #34283.

Contributors
l0rincDrahtBotoptout21maflckowillcl-arkachow101fanquake
Labels
RefactoringPSBT
Linked (view graph)
#31650 refactor: Avoid copies by using const references or by move-construction#34283 [30.x] More backports
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-15 00:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me